
Carlos Sorel posted in Cybersecurity
Hello!
At the November workshop we were introduced to a self-assessment tool to check the level of compliance of our organizations which honestly looked very impressive. Is it published somewhere or is it already available for download?
Thanks and best regards.
Marc-Ch. Reichle posted in Cybersecurity
Hello and a happy new year to everyone!
I've got a question about how to deal with a new kind of ICAs, affecting every airline operating e-enabled aircraft.
OEMs are providing Aircraft Security Operator Guidance (ASOG) (e.g., Security Handbook or (U)ANSOG) to operators to ensure the safe operation of the aircraft. These documents - or to be more precise: the contained instructions - are categorized as ICAs (Instructions for Continued Airworthiness). Usually, it is the responsibility of CAMO to ensure all ICAs are taken care of.
The topics addressed in, and tasks required by, the ASOGs exceed the common CAMO scope, reaching into areas of others' responsibility (e.g., Flight Ops for Crew Processes and Procedures, IT for Digital Certificate management). The instructions are written following the form of "The operator shall" or "xyz shall be ensured...".
EUROCAE ED-204A recommends that operators have an "Aircraft Information Security Center" (AISC) with trained specialists, "acting as the operator's point of contact for aircraft information security events".
Does anyone have any experience, or is anyone willing to share his/her thoughts, about how this could be implemented? Thinking of actions falling into the area and responsibility of others: Does each such task need to be interpreted as "subcontracted continuing airworthiness management tasks" (SCAMT)? Is there any more efficient, but regulatory-wise acceptable, way to manage this new type of ICAs?
Thank you very much in advance and with kind regards.
Vasileios Papageorgiou created a topic in Cybersecurity
Borja GARCIA-BLANCO created a topic in Cybersecurity
Franck Steunou commented on Vasileios PAPAGEORGIOU's topic in Cybersecurity
Thank you EASA for sharing the videos and the slides, very useful for those who couldn't attend.
Carlos Sorel posted in Cybersecurity
Regarding IS.I.OR.235, I wonder how we should approach cases in which an airline belongs to a corporation or group of companies, and this parent company is the one that provides them with information security services. Should we understand that these services are being subcontracted to a third party or, on the contrary, understand that they are being provided as their own by the airline, being part of the same group of companies?
Davide MARTINI commented on Vasileios PAPAGEORGIOU's topic in Cybersecurity
Another great event that helped organizations and authorities to exchange and discuss. I was impressed by the active participation and the level of advancement of some organizations in the Part-IS implementation journey. Well done to all!
Vasileios PAPAGEORGIOU created a topic in Cybersecurity
John Straiton posted in Cybersecurity
From a newsletter I receive, perhaps a good example of the IS Insider Risk.
Pentagon Leaker Sentenced
Jack Teixeira, a former Massachusetts Air National Guard member who was arrested last year for leaking classified US military documents, was sentenced yesterday to 15 years in prison. The incident is considered the most extensive intelligence breach in at least a decade.
The sentencing comes after Teixeira, who turns 23 next month, pleaded guilty in March to six federal counts of willfully retaining and transmitting national defense information. In exchange for his plea, officials spared Teixeira from being charged with additional counts under the Espionage Act (see history).
Teixeira was an information technology specialist who gained top-secret security clearance in 2021, two years after enlisting in the Air National Guard. Outside of work, he had been uploading a wide range of classified information, including about the war in Ukraine, to users on a Discord server (a gamer communication app) every week. The defense claimed Teixeira didn't mean to harm the US and was instead keeping his friends apprised of world events.
Gian Andrea Bandieri created a topic in Cybersecurity